Self-XSS + CSRF to Stored XSS
Hola, this is Renwa from Kurdistan i’m glad to write my first write-up about infosec and Bugbounties.
so i was digging in the website and finally i found an xss when a user wants to change his name added a simple payload and refreshed the page, bingo!
i started burpsuite and changed my name the request looks like:
hmm that looks interesting, i generated burpsuite CSRF poc
replayed in browser response was:
Awesome! now we have CSRF + Self-XSS let’s chain that together the form now looks like:
and going back to XSSHunter we can confirm it became Stored XSS, when any user opens our HTML form.
After all thanks for reading if i helped clap hands to more write-ups about infosec, remember where there is self-XSS always look for CSRF to chain it together and make it a stored, by self-XSS i don’t mean user entered codes into browser console or self-dom XSS .